From 833948eaff7fcc3ca1dabe4e3a7926bff1711c9c Mon Sep 17 00:00:00 2001
From: Nikos
Date: Fri, 21 Apr 2023 12:34:45 +0300
Subject: [PATCH] Move k8s_network_policies to library
---
.../kratos/v0/kubernetes_network_policies.py | 42 ++++++++++++++++++-
src/charm.py | 14 +++----
2 files changed, 47 insertions(+), 9 deletions(-)
rename src/k8s_network_policies.py => lib/charms/kratos/v0/kubernetes_network_policies.py (75%)
diff --git a/src/k8s_network_policies.py b/lib/charms/kratos/v0/kubernetes_network_policies.py
similarity index 75%
rename from src/k8s_network_policies.py
rename to lib/charms/kratos/v0/kubernetes_network_policies.py
index db760f58..ae6fa6e1 100644
--- a/src/k8s_network_policies.py
+++ b/lib/charms/kratos/v0/kubernetes_network_policies.py
@@ -1,8 +1,35 @@ #!/usr/bin/env python3 -# Copyright 2022 Canonical Ltd. +# Copyright 2023 Canonical Ltd. # See LICENSE file for licensing details. -"""A helper class for managing kubernetes network policies.""" +"""Interface library for creating network policies. +This library provides a Python API for creating kubernetes network policies. +## Getting Started +To get started using the library, you need to fetch the library using `charmcraft`. +```shell +cd some-charm +charmcraft fetch-lib charms.kratos.v0.kubernetes_network_policies +``` +Then, to initialise the library: +```python +from charms.kratos.v0.kubernetes_network_policies import ( + K8sNetworkPoliciesHandler, + NetworkPoliciesHandlerError, + PortDefinition, +) +Class SomeCharm(CharmBase): + def __init__(self, *args): + self.network_policy_handler = K8sNetworkPoliciesHandler(self) + + def some_event_function(): + policies = [(PortDefinition("admin"), [self.admin_ingress_relation]), (PortDefinition(8080), [])] + self.network_policy_handler.apply_ingress_policy(policies) +``` + +The function in this example will only allow traffic to the charm pod to the "admin" port from the app on the +other side of the `admin_ingress_relation` and all traffic to the "8080" port. Ingress traffic to all other ports +will be denied. +""" import logging from dataclasses import dataclass @@ -20,6 +47,17 @@ from ops.charm import CharmBase from ops.model import Relation + +# The unique Charmhub library identifier, never change it +LIBID = "f0a1c7a9bc084be09b1052810651b7ed" + +# Increment this major API version when introducing breaking changes +LIBAPI = 0 + +# Increment this PATCH version before using `charmcraft publish-lib` or reset +# to 0 if you are raising the major API version +LIBPATCH = 1 + logger = logging.getLogger(__name__) diff --git a/src/charm.py b/src/charm.py index 3b7cb09b..52418245 100755 --- a/src/charm.py +++ b/src/charm.py 
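Review bot: The usage example in the new module docstring is not valid Python and fails if copied as-is: `Class SomeCharm(CharmBase):` should be `class SomeCharm(CharmBase):`, `def some_event_function():` is missing `self`, and `__init__` never calls `super().__init__(*args)`. The closing paragraph also buries the security-relevant convention that an empty relation list, as in `(PortDefinition(8080), [])`, leaves the port open to every source. I would state that on its own line in the docstring, for example `An empty relation list means the port is reachable from any source, not from none.`, so that callers do not read `[]` as "no peers allowed".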
@@ -31,6 +31,11 @@ LoginUITooManyRelatedAppsError, ) from charms.kratos.v0.kratos_endpoints import KratosEndpointsProvider +from charms.kratos.v0.kubernetes_network_policies import ( + K8sNetworkPoliciesHandler, + NetworkPoliciesHandlerError, + PortDefinition, +) from charms.kratos_external_idp_integrator.v0.kratos_external_provider import ( ClientConfigChangedEvent, ExternalIdpRequirer, @@ -54,11 +59,6 @@ from ops.model import ActiveStatus, BlockedStatus, MaintenanceStatus, ModelError, WaitingStatus from ops.pebble import Error, ExecError, Layer -from k8s_network_policies import ( - K8sNetworkPoliciesHandler, - NetworkPoliciesHandlerError, - PortDefinition, -) from kratos import KratosAPI if TYPE_CHECKING: @@ -539,10 +539,10 @@ def _apply_network_policies(self, event: HookEvent) -> None: try: self.network_policy_handler.apply_ingress_policy( [ - (PortDefinition(1, KRATOS_PUBLIC_PORT - 1), ()), + (PortDefinition(1, KRATOS_PUBLIC_PORT - 1), []), (PortDefinition(KRATOS_PUBLIC_PORT), [self.public_ingress.relation]), (PortDefinition(KRATOS_ADMIN_PORT), [self.admin_ingress.relation]), - (PortDefinition(KRATOS_ADMIN_PORT + 1, 65535), ()), + (PortDefinition(KRATOS_ADMIN_PORT + 1, 65535), []), ] ) except NetworkPoliciesHandlerError:
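Review bot: In the last hunk, `[self.public_ingress.relation]` and `[self.admin_ingress.relation]` are passed without checking that the relation exists, while the library docstring in this same patch says an empty peer list means "allow all traffic". If `relation` can be `None` and the handler drops it (the handler body is not in this diff, so this is an assumption to confirm), the admin port would fail open rather than closed whenever the ingress relation is absent. I would confirm that case in `apply_ingress_policy` and add a comment at the call site such as `# [] = no source restriction; a missing relation must not collapse to []`. The two `[]` ranges also cover every remaining port only if `KRATOS_ADMIN_PORT` equals `KRATOS_PUBLIC_PORT + 1`, which is not visible here. `_apply_network_policies` starts and ends outside the hunk.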